It is said that you should walk before you run, so we are going to cover some basic concepts that you will need in order to use WinDBG and understand the logic you are going to see under it.
Please note that this is the 3rd article in the Basic Windows Debugging series. The previous articles are:
Introduction:
Before coming to WinDBG, let's start from the very basics: the code. Take this program as an example:
#include <stdio.h>
int addition(int num1, int num2) //Parameters
{
int sum; //Local Variables
sum = num1+num2;
return sum;
}
int main()
{
int var1, var2; /* local variable declaration */
printf("Enter number 1: ");
scanf("%d", &var1);
printf("Enter number 2: ");
scanf("%d", &var2);
int res = addition(var1, var2); //Calling the Addition Function
printf("Output: %d", res);
return 0;
}
In this example, we can note a few things.
Let's start with the main function:
- The main function has two local variables, var1 and var2, which capture the input from the user; their values are then passed to the function addition.
- These values are received as the parameters num1 and num2 inside the function addition.
- The addition function has a local variable of its own as well: sum.
So we can say that the main function passes two parameters to the addition function and, after the add operation, the addition function passes the result back to the main function.
Local Variables:
Variables that are declared inside a function or block are called local variables. They can be used only by statements that are inside that function or block of code. Local variables are not known to functions outside their own.
Global Variables
Global variables are defined outside a function, usually on top of the program. Global variables hold their values throughout the lifetime of your program and they can be accessed inside any of the functions defined for the program.
Parameters
Parameters are treated as local variables within a function.
Now that we have some clarity on the very basic coding terms, we can discuss a few things about the Windows process.
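To make the three scopes above concrete, here is an added example (not code from the original article) that extends the addition program with a global counter. It shows that the global keeps its value across calls, that sum is visible only inside addition, and that a parameter is the function's own local copy, so changing num1 does not touch the caller's var1. The names call_count and run_scenario are assumptions introduced here.

```c
#include <stdio.h>

/* Global variable: defined outside every function, lives for the whole
 * program run and can be read or written by any function below it. */
int call_count = 0;

/* num1 and num2 are parameters: they behave like local variables of
 * addition() that start out holding copies of the caller's values. */
int addition(int num1, int num2)
{
    int sum;          /* local variable: exists only while addition() runs */
    call_count++;     /* global: the increment survives after we return */
    sum = num1 + num2;
    num1 = 0;         /* only the local copy changes, not the caller's var1 */
    return sum;       /* the result travels back to the caller */
}

/* Runs the scenario the article describes and returns the global count
 * so the behaviour can be checked without reading printed output. */
int run_scenario(void)
{
    int var1 = 2, var2 = 3;           /* constructed sample input */
    call_count = 0;                   /* reset the global for a clean run */
    int res1 = addition(var1, var2);  /* call_count becomes 1 */
    int res2 = addition(var1, var2);  /* call_count becomes 2, var1 still 2 */
    /* 'sum' cannot be used here: it belongs to addition() alone. */
    printf("res1=%d res2=%d var1=%d calls=%d\n", res1, res2, var1, call_count);
    return call_count;
}

int main(void)
{
    run_scenario();   /* prints: res1=5 res2=5 var1=2 calls=2 */
    return 0;
}
```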
What is User and Kernel Mode:
I recommend you read the article Understanding Kernel Mode and User Mode using Perfmon to gain some understanding of one of the most important concepts in Windows.
Threads:
A thread is the smallest unit of execution in Windows. If you want Windows to do any work for you, you will have to start a thread, which can then be executed and yield the desired results.
Process:
A process is a collection of threads aimed at performing a specific task. Because a thread is the smallest unit of execution, a single thread can do only a limited amount of work, so performing a task usually requires multiple threads. These threads are grouped together under one container, which is termed a process.
Generally, a process will have at least one thread.
Now that you have covered the very basics of the operating system and the terms we are going to use next, you can safely move ahead and research them further when you find the need.